[EMAIL PROTECTED] wrote:
>
> Radovan Semancik wrote:
> >
> > Hi!
> >
> > Maybe this is FAQ or even OT, but anyway:
> >
> > How is certificate renewal done? I mean the case, that user's
> > certificate expired and she wants a new one.
> >
> > User sends a new CSR? How does CA handle it? And how about serial
> > number, I don't think it will be the same for expired and renewed
> > certificate. Is that the case?
> >
> > TIA
>
> To renew a certificate you don't have to resend a Request to the
> CSP - at least Netscape don't support it (AFAIK) - simply the CSP
> should have kept a copy of your original request and issue a new
> certificate with a new validity period. This almost depends on the
> crypto layer you are using and policies you are following.
>
> If you simply renew the same key-pair just use the old request, but
> keep in mind that it is a good policy to renew all keys in a 2 years
> period...
And what about the certificate serial number. It will be changed or
stays same?
User will download a renewed certificate just as a "original" one? Won't
Netscape complaint about duplicate certificate?
--
Ing. Radovan Semancik ([EMAIL PROTECTED])
System Engineer, Business Global Systems a.s.
http://storm.alert.sk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
